RepoMirrors
/
haproxy
mirror of http://git.haproxy.org/git/haproxy.git/
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
haproxy/include/proto/proto_tcp.h

108 lines
3.7 KiB
C
Raw Normal View History

[MAJOR] create proto_tcp and move initialization of proxy listeners Proxy listeners were very special and not very easy to manipulate. A proto_tcp file has been created with all that is required to manage TCPv4/TCPv6 as raw protocols, and provide generic listeners. The code of start_proxies() and maintain_proxies() now looks less like spaghetti. Also, event_accept will need a serious lifting in order to use more of the information provided by the listener.
2007-10-29 00:09:36 +00:00
/*
[MEDIUM] backend: move the transparent proxy address selection to backend The transparent proxy address selection was set in the TCP connect function which is not the most appropriate place since this function has limited access to the amount of parameters which could produce a source address. Instead, now we determine the source address in backend.c:connect_server(), right after calling assign_server_address() and we assign this address in the session and pass it to the TCP connect function. This cannot be performed in assign_server_address() itself because in some cases (transparent mode, dispatch mode or http_proxy mode), we assign the address somewhere else. This change will open the ability to bind to addresses extracted from many other criteria (eg: from a header).
2010-03-29 17:36:59 +00:00
* include/proto/proto_tcp.h
* This file contains TCP socket protocol definitions.
*
MEDIUM: samples: move payload-based fetches and ACLs to their own file The file acl.c is a real mess, it both contains functions to parse and process ACLs, and some sample extraction functions which act on buffers. Some other payload analysers were arbitrarily dispatched to proto_tcp.c. So now we're moving all payload-based fetches and ACLs to payload.c which is capable of extracting data from buffers and rely on everything that is protocol-independant. That way we can safely inflate this file and only use the other ones when some fetches are really specific (eg: HTTP, SSL, ...). As a result of this cleanup, the following new sample fetches became available even if they're not really useful : always_false, always_true, rep_ssl_hello_type, rdp_cookie_cnt, req_len, req_ssl_hello_type, req_ssl_sni, req_ssl_ver, wait_end The function 'acl_fetch_nothing' was wrong and never used anywhere so it was removed. The "rdp_cookie" sample fetch used to have a mandatory argument while it was optional in ACLs, which are supposed to iterate over RDP cookies. So we're making it optional as a fetch too, and it will return the first one.
2013-01-07 20:59:07 +00:00
* Copyright (C) 2000-2013 Willy Tarreau - w@1wt.eu
[MEDIUM] backend: move the transparent proxy address selection to backend The transparent proxy address selection was set in the TCP connect function which is not the most appropriate place since this function has limited access to the amount of parameters which could produce a source address. Instead, now we determine the source address in backend.c:connect_server(), right after calling assign_server_address() and we assign this address in the session and pass it to the TCP connect function. This cannot be performed in assign_server_address() itself because in some cases (transparent mode, dispatch mode or http_proxy mode), we assign the address somewhere else. This change will open the ability to bind to addresses extracted from many other criteria (eg: from a header).
2010-03-29 17:36:59 +00:00
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation, version 2.1
* exclusively.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
[MAJOR] create proto_tcp and move initialization of proxy listeners Proxy listeners were very special and not very easy to manipulate. A proto_tcp file has been created with all that is required to manage TCPv4/TCPv6 as raw protocols, and provide generic listeners. The code of start_proxies() and maintain_proxies() now looks less like spaghetti. Also, event_accept will need a serious lifting in order to use more of the information provided by the listener.
2007-10-29 00:09:36 +00:00
#ifndef _PROTO_PROTO_TCP_H
#define _PROTO_PROTO_TCP_H
#include <common/config.h>
[MAJOR] implement tcp request content inspection Some people need to inspect contents of TCP requests before deciding to forward a connection or not. A future extension of this demand might consist in selecting a server farm depending on the protocol detected in the request. For this reason, a new state CL_STINSPECT has been added on the client side. It is immediately entered upon accept() if the statement "tcp-request inspect-delay <xxx>" is found in the frontend configuration. Haproxy will then wait up to this amount of time trying to find a matching ACL, and will either accept or reject the connection depending on the "tcp-request content <action> {if|unless}" rules, where <action> is either "accept" or "reject". Note that it only waits that long if no definitive verdict can be found earlier. That generally implies calling a fetch() function which does not have enough information to decode some contents, or a match() function which only finds the beginning of what it's looking for. It is only at the ACL level that partial data may be processed as such, because we need to distinguish between MISS and FAIL *before* applying the term negation. Thus it is enough to add "| ACL_PARTIAL" to the last argument when calling acl_exec_cond() to indicate that we expect ACL_PAT_MISS to be returned if some data is missing (for fetch() or match()). This is the only case we may return this value. For this reason, the ACL check in process_cli() has become a lot simpler. A new ACL "req_len" of type "int" has been added. Right now it is already possible to drop requests which talk too early (eg: for SMTP) or which don't talk at all (eg: HTTP/SSL). Also, the acl fetch() functions have been extended in order to permit reporting of missing data in case of fetch failure, using the ACL_TEST_F_MAY_CHANGE flag. The default behaviour is unchanged, and if no rule matches, the request is accepted. As a side effect, all layer 7 fetching functions have been cleaned up so that they now check for the validity of the layer 7 pointer before dereferencing it.
2008-07-14 21:54:42 +00:00
#include <types/proto_tcp.h>
[MAJOR] create proto_tcp and move initialization of proxy listeners Proxy listeners were very special and not very easy to manipulate. A proto_tcp file has been created with all that is required to manage TCPv4/TCPv6 as raw protocols, and provide generic listeners. The code of start_proxies() and maintain_proxies() now looks less like spaghetti. Also, event_accept will need a serious lifting in order to use more of the information provided by the listener.
2007-10-29 00:09:36 +00:00
#include <types/task.h>
[MAJOR] session: add track-counters to track counters related to the session This patch adds the ability to set a pointer in the session to an entry in a stick table which holds various counters related to a specific pattern. Right now the syntax matches the target syntax and only the "src" pattern can be specified, to track counters related to the session's IPv4 source address. There is a special function to extract it and convert it to a key. But the goal is to be able to later support as many patterns as for the stick rules, and get rid of the specific function. The "track-counters" directive may only be set in a "tcp-request" statement right now. Only the first one applies. Probably that later we'll support multi-criteria tracking for a single session and that we'll have to name tracking pointers. No counter is updated right now, only the refcount is. Some subsequent patches will have to bring that feature.
2010-06-14 19:04:55 +00:00
#include <proto/stick_table.h>
[MAJOR] create proto_tcp and move initialization of proxy listeners Proxy listeners were very special and not very easy to manipulate. A proto_tcp file has been created with all that is required to manage TCPv4/TCPv6 as raw protocols, and provide generic listeners. The code of start_proxies() and maintain_proxies() now looks less like spaghetti. Also, event_accept will need a serious lifting in order to use more of the information provided by the listener.
2007-10-29 00:09:36 +00:00
[MEDIUM] add internal support for IPv6 server addresses This patch turns internal server addresses to sockaddr_storage to store IPv6 addresses, and makes the connect() function use it. This code already works but some caveats with getaddrinfo/gethostbyname still need to be sorted out while the changes had to be merged at this stage of internal architecture changes. So for now the config parser will not emit an IPv6 address yet so that user experience remains unchanged. This change should have absolutely zero user-visible effect, otherwise it's a bug introduced during the merge, that should be reported ASAP.
2011-03-10 21:26:24 +00:00
int tcp_bind_socket(int fd, int flags, struct sockaddr_storage *local, struct sockaddr_storage *remote);
[MAJOR] create proto_tcp and move initialization of proxy listeners Proxy listeners were very special and not very easy to manipulate. A proto_tcp file has been created with all that is required to manage TCPv4/TCPv6 as raw protocols, and provide generic listeners. The code of start_proxies() and maintain_proxies() now looks less like spaghetti. Also, event_accept will need a serious lifting in order to use more of the information provided by the listener.
2007-10-29 00:09:36 +00:00
void tcpv4_add_listener(struct listener *listener);
void tcpv6_add_listener(struct listener *listener);
MEDIUM: listener: implement a per-protocol pause() function In order to fix the abstact socket pause mechanism during soft restarts, we'll need to proceed differently depending on the socket protocol. The pause_listener() function already supports some protocol-specific handling for the TCP case. This commit makes this cleaner by adding a new ->pause() function to the protocol struct, which, if defined, may be used to pause a listener of a given protocol. For now, only TCP has been adapted, with the specific code moved from pause_listener() to tcp_pause_listener().
2014-07-07 18:22:12 +00:00
int tcp_pause_listener(struct listener *l);
MEDIUM: tcp: add explicit support for delayed ACK in connect() Commit 24db47e0 tried to improve support for delayed ACK upon connect but it was incomplete, because checks with the proxy protocol would always enable polling for data receive and there was no way of distinguishing data polling and delayed ack. So we add a distinct delack flag to the connect() function so that the caller decides whether or not to use a delayed ack regardless of pending data (eg: when send-proxy is in use). Doing so covers all combinations of { (check with data), (sendproxy), (smart-connect) }.
2012-11-24 09:24:27 +00:00
int tcp_connect_server(struct connection *conn, int data, int delack);
MEDIUM: stream_interface: pass connection instead of fd in sock_ops The sock_ops I/O callbacks made use of an FD till now. This has become inappropriate and the struct connection is much more useful. It also fixes the race condition introduced by previous change.
2012-07-23 16:53:03 +00:00
int tcp_connect_probe(struct connection *conn);
BUG/MEDIUM: stream_interface: restore get_src/get_dst Commit e164e7a removed get_src/get_dst setting in the stream interfaces but forgot to set it in proto_tcp. Get the feature back because we need it for logging, transparent mode, ACLs etc... We now rely on the stream interface direction to know what syscall to use. One benefit of doing it this way is that we don't use getsockopt() anymore on outgoing stream interfaces nor on UNIX sockets.
2012-05-11 14:16:40 +00:00
int tcp_get_src(int fd, struct sockaddr *sa, socklen_t salen, int dir);
int tcp_get_dst(int fd, struct sockaddr *sa, socklen_t salen, int dir);
MEDIUM: protocol: implement a "drain" function in protocol layers Since commit cfd97c6f was merged into 1.5-dev14 (BUG/MEDIUM: checks: prevent TIME_WAITs from appearing also on timeouts), some valid health checks sometimes used to show some TCP resets. For example, this HTTP health check sent to a local server : 19:55:15.742818 IP 127.0.0.1.16568 > 127.0.0.1.8000: S 3355859679:3355859679(0) win 32792 <mss 16396,nop,nop,sackOK,nop,wscale 7> 19:55:15.742841 IP 127.0.0.1.8000 > 127.0.0.1.16568: S 1060952566:1060952566(0) ack 3355859680 win 32792 <mss 16396,nop,nop,sackOK,nop,wscale 7> 19:55:15.742863 IP 127.0.0.1.16568 > 127.0.0.1.8000: . ack 1 win 257 19:55:15.745402 IP 127.0.0.1.16568 > 127.0.0.1.8000: P 1:23(22) ack 1 win 257 19:55:15.745488 IP 127.0.0.1.8000 > 127.0.0.1.16568: FP 1:146(145) ack 23 win 257 19:55:15.747109 IP 127.0.0.1.16568 > 127.0.0.1.8000: R 23:23(0) ack 147 win 257 After some discussion with Chris Huang-Leaver, it appeared clear that what we want is to only send the RST when we have no other choice, which means when the server has not closed. So we still keep SYN/SYN-ACK/RST for pure TCP checks, but don't want to see an RST emitted as above when the server has already sent the FIN. The solution against this consists in implementing a "drain" function at the protocol layer, which, when defined, causes as much as possible of the input socket buffer to be flushed to make recv() return zero so that we know that the server's FIN was received and ACKed. On Linux, we can make use of MSG_TRUNC on TCP sockets, which has the benefit of draining everything at once without even copying data. On other platforms, we read up to one buffer of data before the close. If recv() manages to get the final zero, we don't disable lingering. Same for hard errors. Otherwise we do. In practice, on HTTP health checks we generally find that the close was pending and is returned upon first recv() call. The network trace becomes cleaner : 19:55:23.650621 IP 127.0.0.1.16561 > 127.0.0.1.8000: S 3982804816:3982804816(0) win 32792 <mss 16396,nop,nop,sackOK,nop,wscale 7> 19:55:23.650644 IP 127.0.0.1.8000 > 127.0.0.1.16561: S 4082139313:4082139313(0) ack 3982804817 win 32792 <mss 16396,nop,nop,sackOK,nop,wscale 7> 19:55:23.650666 IP 127.0.0.1.16561 > 127.0.0.1.8000: . ack 1 win 257 19:55:23.651615 IP 127.0.0.1.16561 > 127.0.0.1.8000: P 1:23(22) ack 1 win 257 19:55:23.651696 IP 127.0.0.1.8000 > 127.0.0.1.16561: FP 1:146(145) ack 23 win 257 19:55:23.652628 IP 127.0.0.1.16561 > 127.0.0.1.8000: F 23:23(0) ack 147 win 257 19:55:23.652655 IP 127.0.0.1.8000 > 127.0.0.1.16561: . ack 24 win 257 This change should be backported to 1.4 which is where Chris encountered this issue. The code is different, so probably the tcp_drain() function will have to be put in the checks only.
2013-06-10 17:56:38 +00:00
int tcp_drain(int fd);
REORG/MAJOR: session: rename the "session" entity to "stream" With HTTP/2, we'll have to support multiplexed streams. A stream is in fact the largest part of what we currently call a session, it has buffers, logs, etc. In order to catch any error, this commit removes any reference to the struct session and tries to rename most "session" occurrences in function names to "stream" and "sess" to "strm" when that's related to a session. The files stream.{c,h} were added and session.{c,h} removed. The session will be reintroduced later and a few parts of the stream will progressively be moved overthere. It will more or less contain only what we need in an embryonic session. Sample fetch functions and converters will have to change a bit so that they'll use an L5 (session) instead of what's currently called "L4" which is in fact L6 for now. Once all changes are completed, we should see approximately this : L7 - http_txn L6 - stream L5 - session L4 - connection | applet There will be at most one http_txn per stream, and a same session will possibly be referenced by multiple streams. A connection will point to a session and to a stream. The session will hold all the information we need to keep even when we don't yet have a stream. Some more cleanup is needed because some code was already far from being clean. The server queue management still refers to sessions at many places while comments talk about connections. This will have to be cleaned up once we have a server-side connection pool manager. Stream flags "SN_*" still need to be renamed, it doesn't seem like any of them will need to move to the session.
2015-04-02 22:22:06 +00:00
int tcp_inspect_request(struct stream *s, struct channel *req, int an_bit);
int tcp_inspect_response(struct stream *s, struct channel *rep, int an_bit);
MAJOR: tcp: make tcp_exec_req_rules() only rely on the session It passes a NULL wherever a stream was needed (acl_exec_cond() and action_ptr mainly). It can still track the connection rate correctly and block based on ACLs.
2015-04-04 14:41:45 +00:00
int tcp_exec_req_rules(struct session *sess);
[MAJOR] create proto_tcp and move initialization of proxy listeners Proxy listeners were very special and not very easy to manipulate. A proto_tcp file has been created with all that is required to manage TCPv4/TCPv6 as raw protocols, and provide generic listeners. The code of start_proxies() and maintain_proxies() now looks less like spaghetti. Also, event_accept will need a serious lifting in order to use more of the information provided by the listener.
2007-10-29 00:09:36 +00:00
MEDIUM: tcp: add register keyword system. This patch introduces an action keyword registration system for TCP rulesets similar to what is available for HTTP rulesets. This sytem will be useful with lua.
2014-12-12 18:41:33 +00:00
/* TCP keywords. */
void tcp_req_conn_keywords_register(struct tcp_action_kw_list *kw_list);
void tcp_req_cont_keywords_register(struct tcp_action_kw_list *kw_list);
void tcp_res_cont_keywords_register(struct tcp_action_kw_list *kw_list);
MINOR: tcp: replace tcp_src_to_stktable_key with addr_to_stktable_key Make it more obvious that this function does not depend on any knowledge of the session. This is important to plan for TCP rules that can run on connection without any initialized session yet.
2012-08-30 20:59:48 +00:00
/* Converts the INET/INET6 source address to a stick_table key usable for table
BUG/MEDIUM: stick-table: fix IPv4-to-IPv6 conversion in src_* fetches The function addr_to_stktable_key doesn't consider the expected type of key. If the stick table key is based on IPv6 addresses and the input is IPv4, the returned key is IPv4 adddress and his length is 4 bytes, while is expected 16 bytes key. This patch considers the expected key and try to convert IPv4 to IPv6 and IPv6 to IPv4 according with the expected key. This fixes the bug reported by Apollon Oikonomopoulos. This bug was introduced somewhere in the 1.5-dev process.
2014-04-14 12:35:40 +00:00
* lookups. <type> can be STKTABLE_TYPE_IP or STKTABLE_TYPE_IPV6. The function
* try to convert the incoming IP to the type expected by the sticktable.
* Returns either NULL if the source cannot be converted (eg: not IPv4) or a
* pointer to the converted result in static_table_key in the appropriate format
* (IP).
[MAJOR] session: add track-counters to track counters related to the session This patch adds the ability to set a pointer in the session to an entry in a stick table which holds various counters related to a specific pattern. Right now the syntax matches the target syntax and only the "src" pattern can be specified, to track counters related to the session's IPv4 source address. There is a special function to extract it and convert it to a key. But the goal is to be able to later support as many patterns as for the stick rules, and get rid of the specific function. The "track-counters" directive may only be set in a "tcp-request" statement right now. Only the first one applies. Probably that later we'll support multi-criteria tracking for a single session and that we'll have to name tracking pointers. No counter is updated right now, only the refcount is. Some subsequent patches will have to bring that feature.
2010-06-14 19:04:55 +00:00
*/
BUG/MEDIUM: stick-table: fix IPv4-to-IPv6 conversion in src_* fetches The function addr_to_stktable_key doesn't consider the expected type of key. If the stick table key is based on IPv6 addresses and the input is IPv4, the returned key is IPv4 adddress and his length is 4 bytes, while is expected 16 bytes key. This patch considers the expected key and try to convert IPv4 to IPv6 and IPv6 to IPv4 according with the expected key. This fixes the bug reported by Apollon Oikonomopoulos. This bug was introduced somewhere in the 1.5-dev process.
2014-04-14 12:35:40 +00:00
static inline struct stktable_key *addr_to_stktable_key(struct sockaddr_storage *addr, long type)
[MAJOR] session: add track-counters to track counters related to the session This patch adds the ability to set a pointer in the session to an entry in a stick table which holds various counters related to a specific pattern. Right now the syntax matches the target syntax and only the "src" pattern can be specified, to track counters related to the session's IPv4 source address. There is a special function to extract it and convert it to a key. But the goal is to be able to later support as many patterns as for the stick rules, and get rid of the specific function. The "track-counters" directive may only be set in a "tcp-request" statement right now. Only the first one applies. Probably that later we'll support multi-criteria tracking for a single session and that we'll have to name tracking pointers. No counter is updated right now, only the refcount is. Some subsequent patches will have to bring that feature.
2010-06-14 19:04:55 +00:00
{
MINOR: tcp: replace tcp_src_to_stktable_key with addr_to_stktable_key Make it more obvious that this function does not depend on any knowledge of the session. This is important to plan for TCP rules that can run on connection without any initialized session yet.
2012-08-30 20:59:48 +00:00
switch (addr->ss_family) {
[MEDIUM] IPv6 support for stick-tables Since IPv6 is a different type than IPv4, the pattern fetch functions src6 and dst6 were added. IPv6 stick-tables can also fetch IPv4 addresses with src and dst. In this case, the IPv4 addresses are mapped to their IPv6 counterpart, according to RFC 4291.
2011-03-24 10:09:31 +00:00
case AF_INET:
BUG/MEDIUM: stick-table: fix IPv4-to-IPv6 conversion in src_* fetches The function addr_to_stktable_key doesn't consider the expected type of key. If the stick table key is based on IPv6 addresses and the input is IPv4, the returned key is IPv4 adddress and his length is 4 bytes, while is expected 16 bytes key. This patch considers the expected key and try to convert IPv4 to IPv6 and IPv6 to IPv4 according with the expected key. This fixes the bug reported by Apollon Oikonomopoulos. This bug was introduced somewhere in the 1.5-dev process.
2014-04-14 12:35:40 +00:00
/* Convert IPv4 to IPv4 key. */
if (type == STKTABLE_TYPE_IP) {
static_table_key->key = (void *)&((struct sockaddr_in *)addr)->sin_addr;
break;
}
/* Convert IPv4 to IPv6 key. */
if (type == STKTABLE_TYPE_IPV6) {
v4tov6(&static_table_key->data.ipv6, &((struct sockaddr_in *)addr)->sin_addr);
static_table_key->key = &static_table_key->data.ipv6;
break;
}
return NULL;
[MEDIUM] IPv6 support for stick-tables Since IPv6 is a different type than IPv4, the pattern fetch functions src6 and dst6 were added. IPv6 stick-tables can also fetch IPv4 addresses with src and dst. In this case, the IPv4 addresses are mapped to their IPv6 counterpart, according to RFC 4291.
2011-03-24 10:09:31 +00:00
case AF_INET6:
BUG/MEDIUM: stick-table: fix IPv4-to-IPv6 conversion in src_* fetches The function addr_to_stktable_key doesn't consider the expected type of key. If the stick table key is based on IPv6 addresses and the input is IPv4, the returned key is IPv4 adddress and his length is 4 bytes, while is expected 16 bytes key. This patch considers the expected key and try to convert IPv4 to IPv6 and IPv6 to IPv4 according with the expected key. This fixes the bug reported by Apollon Oikonomopoulos. This bug was introduced somewhere in the 1.5-dev process.
2014-04-14 12:35:40 +00:00
/* Convert IPv6 to IPv4 key. This conversion can be failed. */
if (type == STKTABLE_TYPE_IP) {
if (!v6tov4(&static_table_key->data.ip, &((struct sockaddr_in6 *)addr)->sin6_addr))
return NULL;
static_table_key->key = &static_table_key->data.ip;
break;
}
/* Convert IPv6 to IPv6 key. */
if (type == STKTABLE_TYPE_IPV6) {
static_table_key->key = (void *)&((struct sockaddr_in6 *)addr)->sin6_addr;
break;
}
return NULL;
BUG: stktable: tcp_src_to_stktable_key() must return NULL on invalid families Source addresses of non-TCP families were not correctly handled by tcp_src_to_stktable_key() as it forgot to return NULL and instead left the previous value in the stick-table buffer. This bug is 1.5-specific and was introduced by commit 4f92d320 in 1.5-dev6 so it does not need any backport.
2012-08-30 20:52:28 +00:00
default:
return NULL;
[MEDIUM] IPv6 support for stick-tables Since IPv6 is a different type than IPv4, the pattern fetch functions src6 and dst6 were added. IPv6 stick-tables can also fetch IPv4 addresses with src and dst. In this case, the IPv4 addresses are mapped to their IPv6 counterpart, according to RFC 4291.
2011-03-24 10:09:31 +00:00
}
MEDIUM: stick-table: allocate the table key of size buffer size Keys are copied from samples to stick_table_key. If a key is larger than the stick_table_key, we have an overflow. In pratice it does not happen because it requires : 1) a configuration with tune.bufsize larger than BUFSIZE (common) 2) a stick-table configured with keys strictly larger than buffers 3) extraction of data larger than BUFSIZE (eg: using payload()) Points 2 and 3 don't make any sense for a real world configuration. That said the issue needs be fixed. The solution consists in allocating it the same size as the global buffer size, just like the samples. This fixes the issue.
2012-10-29 20:56:59 +00:00
return static_table_key;
[MAJOR] session: add track-counters to track counters related to the session This patch adds the ability to set a pointer in the session to an entry in a stick table which holds various counters related to a specific pattern. Right now the syntax matches the target syntax and only the "src" pattern can be specified, to track counters related to the session's IPv4 source address. There is a special function to extract it and convert it to a key. But the goal is to be able to later support as many patterns as for the stick rules, and get rid of the specific function. The "track-counters" directive may only be set in a "tcp-request" statement right now. Only the first one applies. Probably that later we'll support multi-criteria tracking for a single session and that we'll have to name tracking pointers. No counter is updated right now, only the refcount is. Some subsequent patches will have to bring that feature.
2010-06-14 19:04:55 +00:00
}
MINOR: counters: make it easier to extend the amount of tracked counters By properly affecting the flags and values, it becomes easier to add more tracked counters, for example for experimentation. It also slightly reduces the code and the number of tests. No counters were added with this patch.
2013-05-28 15:40:25 +00:00
/* for a tcp-request action TCP_ACT_TRK_*, return a tracking index starting at
BUG/MINOR: config: report the correct track-sc number in tcp-rules When parsing track-sc* actions in tcp-request rules, we now automatically compute the track-sc identifier number using %d when displaying an error message. But the ID has become wrong since we introduced sc0, we continue to report id+1 in error messages causing some confusion. No backport is needed.
2013-12-02 22:29:05 +00:00
* zero for SC0. Unknown actions also return zero.
MINOR: counters: make it easier to extend the amount of tracked counters By properly affecting the flags and values, it becomes easier to add more tracked counters, for example for experimentation. It also slightly reduces the code and the number of tests. No counters were added with this patch.
2013-05-28 15:40:25 +00:00
*/
static inline int tcp_trk_idx(int trk_action)
{
MEDIUM: counters: use sc0/sc1/sc2 instead of sc1/sc2/sc3 It was a bit inconsistent to have gpc start at 0 and sc start at 1, so make sc start at zero like gpc. No previous release was issued with sc3 anyway, so no existing setup should be affected.
2013-06-17 13:04:07 +00:00
return trk_action - TCP_ACT_TRK_SC0;
MINOR: counters: make it easier to extend the amount of tracked counters By properly affecting the flags and values, it becomes easier to add more tracked counters, for example for experimentation. It also slightly reduces the code and the number of tests. No counters were added with this patch.
2013-05-28 15:40:25 +00:00
}
[MAJOR] session: add track-counters to track counters related to the session This patch adds the ability to set a pointer in the session to an entry in a stick table which holds various counters related to a specific pattern. Right now the syntax matches the target syntax and only the "src" pattern can be specified, to track counters related to the session's IPv4 source address. There is a special function to extract it and convert it to a key. But the goal is to be able to later support as many patterns as for the stick rules, and get rid of the specific function. The "track-counters" directive may only be set in a "tcp-request" statement right now. Only the first one applies. Probably that later we'll support multi-criteria tracking for a single session and that we'll have to name tracking pointers. No counter is updated right now, only the refcount is. Some subsequent patches will have to bring that feature.
2010-06-14 19:04:55 +00:00
[MAJOR] create proto_tcp and move initialization of proxy listeners Proxy listeners were very special and not very easy to manipulate. A proto_tcp file has been created with all that is required to manage TCPv4/TCPv6 as raw protocols, and provide generic listeners. The code of start_proxies() and maintain_proxies() now looks less like spaghetti. Also, event_accept will need a serious lifting in order to use more of the information provided by the listener.
2007-10-29 00:09:36 +00:00
#endif /* _PROTO_PROTO_TCP_H */
/*
* Local variables:
* c-indent-level: 8
* c-basic-offset: 8
* End:
*/